1. Field of Invention
The present invention relates to managing encryption keys in a computer system.
2. Background of the Invention
Computer systems are commonly implemented as virtual machines. A virtual machine (VM) is a software implementation of a computer that provides an operating system or executes application programs as if it were a physical machine. VMs are commonly provided on a physical machine by a virtual machine environment (VME) application program, which provides a user interface for managing the provided VMs.
As with any computer system, some of the associated data may need to be stored securely and is thus encrypted when not in use. Encryption and decryption are performed using an encryption key. Access to the encryption key is controlled so as to be limited to predetermined users or processes. In a VME, system encryption keys may be provided for encrypting data within the VME, such as data in any of the VMs or the VM system data itself. System encryption keys may be changed by any user with suitable security access. The change of the system encryption key in a VME commonly triggers a process of re-encryption of all encrypted data in the VME with the new system key. Re-encryption using the new system key is therefore only possible when data is locked so that it cannot be accessed, that is, the encrypted data is guaranteed not to be in use.
VMs may be migrated between VMEs on different physical computers via a network connection connecting the relevant source and target computers. During migrations, secure data is encrypted using the system encryption key of the VME on the source computer before being communicated to the target machine, and is decrypted using the system encryption key of the VME on the target computer.
In order for the migration to be successful, the system encryption key must be the same at both the source and target computers. Therefore, system key changes during migration or prior to decryption of migrated encrypted data are not allowed. In other words, migrations and key changes are not allowed to co-exist. Since migrations can be long processes, the inability to perform migrations and key changes concurrently is a significant problem in such computer systems.
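The constraint described above, as an added example that is not part of the original text: data sealed with the source VME's system key only opens on the target if the target's key is unchanged, so a conventional VME refuses key changes while a migration is open. The `VME` class, the `seal`/`unseal` and `migrate` helpers, the `enforce_lock` switch and the HMAC-based cipher are assumptions standing in for a real VME and its encryption.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a stdlib stand-in for the VME's real cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Encrypt then authenticate: nonce || ciphertext || 32-byte tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("system key differs from the one used to encrypt")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class VME:  # hypothetical model of a virtual machine environment
    def __init__(self, system_key):
        self.system_key = system_key
        self.migrating = False

    def change_system_key(self, new_key, enforce_lock=True):
        # Conventional rule from the text: no key change while a migration is open.
        if enforce_lock and self.migrating:
            raise RuntimeError("key change refused: migration in progress")
        self.system_key = new_key

def migrate(source, target, secure_data, during_transfer=None):
    source.migrating = target.migrating = True
    try:
        blob = seal(source.system_key, secure_data)  # encrypted on the source
        if during_transfer:
            during_transfer()                        # event while data is in flight
        return unseal(target.system_key, blob)       # decrypted on the target
    finally:
        source.migrating = target.migrating = False

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key shared by both VMEs
    print(migrate(VME(key), VME(key), b"secure VM data"))
```

Passing a `during_transfer` callback that calls `target.change_system_key(...)` raises `RuntimeError` under the lock, and `ValueError` at decryption when `enforce_lock=False` bypasses it.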